The SafePay ransomware gang is threatening to leak 3.5TB of knowledge belonging to IT big Ingram Micro, allegedly stolen from the corporate’s compromised programs earlier this month.
Ingram Micro is likely one of the world’s largest business-to-business service suppliers and know-how distributors, providing a variety of options to resellers and managed service suppliers worldwide, together with {hardware}, software program, cloud companies, logistics, and coaching.
Whereas BleepingComputer first reported on July 5 that SafePay was behind this incident, the ransomware gang did not declare duty for the assault till earlier this week, when it added the tech big to its darkish net leak portal.
SafePay ransomware is a personal operation that surfaced in September 2024 and has since added over 260 victims to its leak website; nevertheless, the precise quantity is probably going bigger, as solely victims who do not pay are listed.
They’re additionally identified for stealing delicate paperwork earlier than encrypting victims’ programs and threatening to leak this stolen information on the darkish net if a ransom is just not paid.
For the reason that begin of the yr, SafePay has change into some of the energetic ransomware teams, filling the hole left by LockBit and BlackCat (ALPHV) ransomware.
As BleepingComputer reported earlier this month, Ingram Micro additionally suffered a world outage brought on by the SafePay ransomware assault, with staff informed to earn a living from home and the corporate’s web site and ordering programs taken offline.
Since then, BleepingComputer has realized that the corporate has been engaged on restoring VPN entry to staff and has additionally carried out a company-wide password and multi-factor authentication (MFA) reset.
Ingram Micro shortly recovered from the incident, restoring most of the inside programs and platforms impacted by the assault inside days, permitting staff larger entry to its ordering system.
“Ingram Micro is happy to report that we at the moment are operational throughout all nations and areas the place we transact enterprise. Our groups proceed to carry out at a swift tempo to serve and assist our prospects and vendor companions,” Ingram Micro introduced simply 4 days after disclosing the assault.
Nevertheless, the corporate has but to verify that SafePay ransomware was behind the breach and whether or not the attackers stole information from its compromised programs.
An Ingram Micro spokesperson was not instantly accessible for remark when BleepingComputer reached out for extra info earlier as we speak.
Comprise rising threats in actual time – earlier than they influence your small business.
Learn the way cloud detection and response (CDR) offers safety groups the sting they want on this sensible, no-nonsense information.
